User
We are planning to implement ISO 27001:2022 version for our organisation in UK region. Since we do not have any physical office because the size of the organisation is very small and our staff are working virtually. We had a box address available.
Query: Whether it is mandatory to have physical office for implementing and getting certified for ISO 27001:2022.
Experta
For certification purposes, an organization needs to provide at least one physical address (in general, for remote work environments where management activities are performed or the CEO’s home address). An alternative would be to consider an alternative location, like renting a small office in a shared workspace, for example.